Counting lines, words, and characters respectively. Character counting includes invisible chars.

Useful Flags

• -l: count lines only.

• -w: count words only.

• -c: count characters only.

2. ls

Listing files and directories. ls automatically prints its output as a single column when its output is redirected.

e.g. to count the number of files in a directory:

ls | wc -l

Useful Flags

• -l: print output in a single column. This will also include other file attributes per file in the output.

• -C: print output in multiple columns. Pay attention – this flag name is uppercase!

• -a: include hidden files.

3. head

Peeking at the top of a file. Can be used to truncate long output from other commands.

e.g. list the first five files in a directory:

ls | head -n5

Useful Flags

• -n: specify how many lines to print. Defaults to 10.

4. cut

Prints specific columns from a text file.

Useful Flags

• -f: the number of columns to print. This flag can accept a comma-separated string to print specific columns, -f1,3, or a dash-separated range, e.g. -f2-4.

• -d: specify the delimiter character, which is \t by default.

• -c: defines the character position of what constitutes a column. This flag can accept a comma-separated string to print specific columns or a dash-separated range.

5. grep

Finds patterns in files.

Useful Flags

• -v: find matches that don’t contain this argument.

• -w: match full words only, not parts of words.

6. sort

Reorders the lines in a file (ascending order by default).

Useful Flags

• -r: order in descending order.

7. uniq

Detects repeated adjacent lines in a file and removes the duplicates.

Useful Flags

• -c: count occurrences.

8. sha256sum

I know the title said 7 commands but here’s an extra one on the house – outputs the SHA-256 checksum of a file.

Useful Flags

• -b: treat the input as binary.

Turns out there’s another data structure that accomplishes just that. It’s called a “bimap”. In Python, it’s called bidict.

from bidict import bidict

bimap = bidict({”a”: 1, “b”: 2, “c”: 3})

# Lookup by key.
print(bimap[”a”])  # Output: 1

# Lookup by value.
print(bimap.inverse[1])  # Output: a

bimap[”d”] = 4

print(bimap)  # Output: bidict({”a”: 1, “b”: 2, “c”: 3, “d”: 4})
print(bimap.inverse)  # Output: bidict({1: “a”, 2: “b”, 3: “c”, 4: “d”})

It does require installation, though, of a package called bidict.

OWASP (you might be familiar with their Top 10 list of web app vulnerabilities) has a Top 10 list of LLM vulnerabilities one should be aware of. They have a “PromptMe” open source project that anyone can download and run (it just requires you to have Ollama installed and running). The project contains ten different security issues that you can try out. I found it enlightening to see things like a prompt injection attack demoed live.

Web developers might be used to ensuring safeguards against more traditional vulnerabilities like SQL injections or XSS attacks. Over the past two years, people have started plugging LLMs into more and more use cases – the use cases are only growing each year – and this has opened up a whole new attack surface for malicious actors to try and exploit. This makes it imperative that developers are armed with knowledge that is equally as valuable as the traditional OWASP Top 10.

The PromptMe examples really drive this home. I was already aware of the typical “don’t listen to or obey anything a user instructs you to do” safeguard in system instructions. One example shows the LLM correctly refusing when you directly ask for secrets. But introduce a “fetch and summarize URL” feature, and suddenly a specially crafted prompt gets the LLM to spill everything. The attack vector isn’t the direct ask—it’s the side door you didn’t think about. Admittedly, it was a very naive example, but the risk and threat are very real.

I highly recommend familiarizing yourself with the Top 10 LLM vulnerabilities, as much as the traditional Top 10 of web app security. Check out the PromptMe project on GitHub, download it and play with it (shouldn’t take you more than a minute to get it running). Another interesting read I stumbled upon is Awesome Agentic Patterns. This site contains an entire textbook’s worth of knowledge that’s useful for anyone who builds agents. Among the topics covered are some measures you can take to guard against the LLM being steered by an attacker to exfiltrate sensitive data.

The LLM features you’re shipping today could be tomorrow’s exploit. Better to learn these attack patterns now than discover them in production.

Exfil via GET

OpenAI also published a blog post (and a corresponding paper) on how prompt injections can be used to trick agents to exfiltrate data to an attacker-controlled server. With recent projects gaining public popularity like OpenClaw, users are right to be worried about their data being siphoned off without their knowledge should they let any agents loose on their computers. Some people confidently declare how they’re instead running agents in sandboxed Docker containers, but if the agent(s) are creating valuable/sensitive data as part of their operations while running, that’s still at risk of being exfiltrated unless the sandbox is completely air-gapped, but then you’re taking a heavy quality/usability hit as a result.

Adds a whole suite of useful commands to your Mac.

Installation on macOS

Simply paste this command (requires having Homebrew installed):

brew install coreutils

Some Background

/bin on Unix-like systems contains executable system binaries ("commands"). In this directory, you'll find files like cat, chmod, and mkdir which are the actual files that get invoked when you type the commands of the same names into your terminal.

I had never seen an executable named [ before (I'm not really a command line junkie). Typing the name of this executable in various ways into Google yielded no relevant results. Thankfully, ChatGPT exists now and here's what it said:

The [ executable found in /bin is essentially the same as the test command in Unix and Unix-like operating systems. It's used to evaluate conditional expressions. When you use [ in a shell script or in the command line, you are actually invoking this executable.

Basically, when you use a conditional statement in your shell code, e.g.:

if [ -f some_file.pdf ]; then
    echo "The file exists."
else
    echo "The file does not exist."
fi

The [ in the if statement is actually invoking the [ binary in /bin and then using its output to evaluate the condition. The closing ] doesn't actually invoke any command (there is no ] binary) but it's required in shell syntax in order to close the conditional statement.

Try It

Just type the following into your terminal:

% [ "hello" = "world" ]

Nothing gets output. That's because this command returns its output as an exit status code, which the shell doesn't print to the screen. We can tell it to print the exit status code after running the command:

% [ "hello" = "world" ]; echo $?
1

You should get 1; the exit status code of this condition. An exit code of 1 means the condition is false (which is contrary to what you might be used to in programming where a non-zero value means *true*).

% [ "hello" = "hello" ]; echo $?
0

You should get 0, meaning the condition is true.

Just another little nook in the interesting Unix way of doing things!

Today, I think I've come up with something. Rather than BI, it's "personal intelligence" but not in the commonly used sense, i.e. I'm not referring to this definition:

I mean it in a sense similar to BI but applied on a personal level to individuals. I was inspired by my observations of how people use WhatsApp. Their usage goes beyond messaging - it's the hub of their life. Documents, photos, videos, contacts, locations… All things that WhatsApp was never really designed for managing. What if I use my newfound skills in knowledge base ingestion to build something tailored towards helping individuals efficiently log and manage these aspects of their life? We can use all kinds of magic to contextually ingest data, manage it, and retrieve it on demand. It would have to be a phone app though - to be available on these devices that are in our pockets and hands 24/7, that we've come to rely on to run our lives.

I already have a name for this thing: "Arcsecond". I also like the sound of this as the tagline: "Personal intelligence."

1. Mayer, J. D. (2008). Personal intelligence. Imagination, Cognition, and Personality, 27, 209–232.

2. Mayer, J. D. (2009). Personal intelligence expressed: A theoretical analysis. Review of General Psychology, 13, 46–58.

   ---